The State of North Dakota defends us against about 5.6 million cyber attacks per month. That means hackers attempt to breach our devices 75 million times each year.
Renée Cooper has been investigating cyber attacks against the North Dakota government for several weeks. She shares how seriously we should be taking this issue, and what Governor Doug Burgum has put in place as a defense.
Our state actually saw a spike in cyber attacks in the month of October, reaching 7 million attempts. But that’s nothing compared to what the state’s Chief Information Officer has seen before. His department has battled back as many as 11 million in a month.
We sat down with Governor Burgum and his team to ask the tough question: What’s being done to keep you safe?
Hackers tend to target government software, but it’s not the Governor’s cellphone number or Emails they’re after, they want your information. And North Dakota’s State Government is the most direct link when it comes to your personal data.
Chief Information Officer for the State of North Dakota Shawn Riley explains, “So it gives them this big, lucrative target to be able to go after, in our case, 800,000 peoples-worth of information.”
Think about it: your tax documents, your license, your marriage license, your children’s social security numbers, they’re all embedded in State Government.
North Dakota Governor Doug Burgum adds, “Across the gamut, we have such a large footprint of data that touches almost every citizen. I mean it’s one of the essential aspects of government that we’re entrusted to do, is to make sure that we’re protecting the data that belongs to those citizens.”
The latest, most popular hack, is ransomware.
Riley explains, “They try to lock down, encrypt systems, and then ransom you to be able to get your own system back.”
Take the city of Atlanta, Georgia for example. In March this year, all government computers went down through a massive ransomware attack, meaning hackers used brute force to guess weak passwords until one broke open.
It cost the city 9.5 million dollars to get back on track. The effects were so widespread that officials had to complete all paperwork by hand.
At a Senate hearing this spring, the FBI said these crimes are becoming increasingly difficult to investigate.
Ex-FBI Assistant Director Scott Smith says, “The FBI conducts it’s cyber-mission with the goal of imposing costs and consequences on the adversary. And though we would like to arrest every cyber criminal, we recognize indictments are just one tool in a suite of options that are available to the US government, when deciding how best to approach this complex cyber threat.”
An FBI spokesperson told KX News, cybersecurity will continue to be a top priority for them, because it’s a threat to National Security as well.
But closer to home, our North Dakota IT Department fights the battle for North Dakotans 24/7.
Riley adds, “The unfortunate part with cyber is that as we adapt, so do our adversaries, and the adversaries tend to adapt faster.”
The map attached above is of the departments and sub-departments within the North Dakota government. It’s all one big connected web.
The bigger dots in red have the heaviest level of protection, then the yellow, then the small green dots.
The problem is, even if a hacker can only get into a department in green, because everything is connected, they’ve now broken in and have access to all state-wide information.
Here are some solutions to the problem: money and manpower.
Currently the ITD has 11 full-time employees dedicated to thwarting cyber attacks. The department is requesting an additional 21 million from the state to upgrade software and hire another 31 employees, in the next two years.
Governor Burgum also says we need to swap from a server based platform, and keep government and citizen data in a cloud/mobile platform.
The Governor explains, “This is classic, ‘we’re only as strong as our weakest link’. And one door that’s left open anywhere in the state, could represent issues for us, so again, that’s why it’s so important that we have a comprehensive approach to this.”
Riley says North Dakota has a quarter-million devices in use that could be attacked at any given time. The problem isn’t going away.
The CIO shares, “If you go out five years, that could easily double. That’s happening all across the country, and that’s part of the reason we’re coming forth today. If we don’t stay ahead of this, if we don’t keep our systems secure today, we have no prayer for tomorrow.”
Governor Burgum says the official state budget for 2019 will be released on December 5th. The budget is then submitted to the Legislature, and we will find out in April if those millions of dollars worth of software and manpower are approved.
Riley says the department’s goal is to eventually move to a world where we are fighting hackers, machine versus machine. He says that will give us a much better chance of defending ourselves against these attacks that are truly coming in constantly, from all across the globe.
So what happens when you’re information is inevitably stolen, whether through government software or the hack of a business?
The State’s IT Department says the typical response in the wake of a successful cyber attack is for the business or government organization to offer a couple years of credit monitoring. Sometimes even additional identity protection services will be available.
But more importantly, be proactive. Regularly monitor your financial statements for any unusual activity.
Also, think about your family. Check and see if there is a credit report under your child’s social security number. Because if anything shows up, it could mean their social security numbers were stolen.
To limit attacks at home, there are three main focus areas:
1: Antivirus: Make sure you have up to date antivirus software running.
2: Account security: Make your passwords different for each of your accounts. If a hacker gets into one account, they could have access to other accounts, if your passwords are all the same or similar.
3: Keep your software updated. Out-of-date software can leave you open to vulnerabilities.